What to do after the Dropbox data breach of 68,648,009 passwords

Half way through 2012, Dropbox suffered a massive data breach which exposed the credentials of tens of millions of their customers. Earlier this month (August 2016) the company began forcing password resets to users suspected of still being at risk. The company also sent out emails to such customers informing them of the forced password resets.

Josh Feinblum, VP of Information Security at Rapid7, has recently commented on the breach:

“Dropbox began taking proactive action to protect their users nearly a week before information about this leak became public. Their customer-first approach was refreshing and likely mitigated a great deal of risk to their users. Their response is a great model for other cloud companies to follow. It’s our belief that the open dialogue about security will help to strengthen the security and technology communities.”

The website ‘Have i been pwned‘ soon sent out an email to every email address on the list that had signed up for email notifications. In the email HIBP specified that 68,648,009 accounts have been compromised. This compromise included both email addresses and passwords. As well as this information HIBP also commented:

Why are you only hearing about this now? Whilst the breach occurred in July 2012, sometimes there can be a lengthy lead time of months or even years before the data is disclosed publicly. “Have I been pwned?” will always attempt to alert you ASAP, it’s just a question of how readily available the data is.

For some people the passwords leaked, as part of this breach, may have been their only password in circulation. Password management tools, such as Dashlane, help in the creation of unique passwords for an array of different accounts.

One of the most pressing actions for any security breach is to reset old passwords. It’s also important to clear any remaining sessions or connected devices. Dropbox’s management console has a great interface for this, allowing you to change your password and view all active sessions connected to your account.

James Stevenson

Im a Cyber Security enthusiast that loves all things to do with technology. I'm specifically interested in cyber security and ethical hacking.